I just returned from a two week book tour with marketers in the UK and Norway. If there was one topic that overshadowed most marketing conversations, it was GDPR.

The EU’s General Data Protection Regulation (GDPR) is the sweeping new EU regulation on marketing data that will impact any company that offers goods or services to EU residents or tracks them for analytics or advertising purposes. That’s basically every global business. The regulation goes into affect in May 2018 and penalties are severe (up to 4% of annual global revenue).

While the awareness is lower outside of Europe (80% in a recent Dell survey said they knew little about GDPR), GDPR has massive implications worldwide. One study by Veritas Technologies said that 47% of global organizations have doubts they’ll meet the compliance deadline and 20% fear that GDPR could put them out of business. Another study reported that GDPR will make 75% of UK marketing data obsolete.

GDPR fundamentally transforms how companies have to handle personal data. Among the changes, it redefines what counts as “consent” from customers to collect and analyze their data. It also gives customers the “right to be forgotten.” In the data-driven marketing gold rush the last few years, businesses collected data from so many sources, they frequently don’t know what data they have and where.

As GDPR awareness leads to panic and eventually to action, it will be interesting to see the impact on marketing and working with personal data in 2018.

Here are a few cartoons I’ve drawn over the years on marketing with personal data: